6

I am trying to secure a controller action to prevent a user from accessing an Entity that they do not have access to. I am able to do this with the following code.

public ActionResult Entity(string entityCode)
{
    if (CurrentUser.VerifyEntityPermission(entityCode))
    {
        //populate viewModel...
        return View(viewModel);
    }
    return RedirectToAction("NoAccessToEntity", "Error");
}

I would like to be able to add an attribute to the controller action itself. In order to validate the access to the entity, I need to see what value has been passed to the controller and what entities the user has access to. Is this possible?

[EntityAuthRequired]
public ActionResult Entity(string entityCode)
{
    //populate viewModel...
    return View(viewModel);
}
  • How did you do that? Commented Apr 6, 2017 at 13:09

1 Answer

3

Something like this might help you on your way. Though you may want to add some additional properties to your attribute to allow you to specify your entityCode parameter on each action, rather than hard-code it.

using System.Security.Principal;
using System.Web.Mvc;

public class EntityAuthRequired : FilterAttribute, IAuthorizationFilter 
{
    // IAuthorizationFilter is an interface, so this implements rather than overrides
    public void OnAuthorization(AuthorizationContext filterContext)
    {
        // 'as string' yields null (instead of throwing) when the route value is missing
        var entityCode = filterContext.RouteData.Values["entityCode"] as string;
        // do your logic... (HasEntityAccess is a placeholder for your own permission check)
        bool allowed = entityCode != null && HasEntityAccess(filterContext.HttpContext.User, entityCode);
        if (!allowed)
            filterContext.Result = new HttpUnauthorizedResult();            
    }

    // placeholder: replace with the real lookup of the user's entity permissions (denies by default)
    private static bool HasEntityAccess(IPrincipal user, string entityCode)
    {
        return false;
    }
}

Also, if the entityCode isn't in your RouteData, you can use filterContext.RequestContext.HttpContext.Request to look at the POST data.
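A fuller version of the filter the answer sketches, added here as an example and not code from the answer or the asker's project. It adds the configurable parameter name the answer suggests, and it reads the value through the controller's value providers (the same chain the model binder uses: form, route, query string and JSON body) so that the value being authorized is the value the action will actually receive; that also covers the POST/JSON case raised in the comment below. `IEntityAccessPolicy`, `EntityAuthRequiredAttribute`, `ParameterName` and `ResolveParameter` are names assumed for this example. Targets ASP.NET MVC 5 (`System.Web.Mvc`).

```csharp
using System;
using System.Security.Principal;
using System.Web.Mvc;

// Assumed application service (not from the page): answers "may this user touch this entity?"
// Register an implementation with your DI container so DependencyResolver can resolve it.
public interface IEntityAccessPolicy
{
    bool CanAccess(IPrincipal user, string entityCode);
}

[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, AllowMultiple = false, Inherited = true)]
public sealed class EntityAuthRequiredAttribute : FilterAttribute, IAuthorizationFilter
{
    // Name of the action parameter that carries the entity identifier; overridable per action,
    // e.g. [EntityAuthRequired(ParameterName = "id")]
    public string ParameterName { get; set; } = "entityCode";

    public void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null) throw new ArgumentNullException(nameof(filterContext));

        var user = filterContext.HttpContext.User;
        if (user?.Identity == null || !user.Identity.IsAuthenticated)
        {
            // Anonymous caller: 401 so the usual login challenge/redirect applies.
            filterContext.Result = new HttpUnauthorizedResult();
            return;
        }

        // Read the value through the controller's value providers rather than RouteData alone.
        // This is the chain the model binder uses (form, route, query string, JSON body), so the
        // value we authorize is the value the action receives. Checking one source while the
        // binder reads another is how a permission check gets bypassed.
        var entityCode = ResolveParameter(filterContext, ParameterName);

        var policy = DependencyResolver.Current.GetService<IEntityAccessPolicy>();

        // Fail closed: missing identifier, missing policy, or a negative answer all deny.
        bool allowed = !string.IsNullOrWhiteSpace(entityCode)
                       && policy != null
                       && policy.CanAccess(user, entityCode);

        if (!allowed)
        {
            // Authenticated but not permitted: 403, not 401, so a logged-in user is not bounced
            // back to the login page. Swap for a RedirectToRouteResult if you prefer the
            // question's "NoAccessToEntity" error action.
            filterContext.Result = new HttpStatusCodeResult(403, "Forbidden");
        }
    }

    // Assumed helper: pulls the raw (pre-binding) value for the named parameter.
    private static string ResolveParameter(ControllerContext context, string name)
    {
        var result = context.Controller.ValueProvider.GetValue(name);
        return result?.AttemptedValue;
    }
}

// Usage on the action from the question:
// [EntityAuthRequired]                          // looks for "entityCode"
// public ActionResult Entity(string entityCode) { ... }
//
// [EntityAuthRequired(ParameterName = "id")]    // same check, different parameter name
// public ActionResult Details(string id) { ... }
```

Two points worth keeping when adapting this: the filter denies when the identifier is absent rather than letting the action run without a check, and the authenticated-but-forbidden case returns 403 so that the 401 login redirect cannot loop for a user who is already signed in.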


1 Comment

How to get controller POST JSON values in AuthorizeAttribute and in the AuthorizeRequest method?
